Child pages
  • How to use Diffie Hellman Key Exchange with SNMP4J?

Comment: Fixed typos

...

Code Block (language: java, title: DH Kickstart)
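/**
 * Performs a Diffie-Hellman kickstart run against {@code target} and prints the derived
 * shared key for each matching user.
 *
 * <p>The method reads the local DH key pairs from the properties file named by the
 * {@code privateKeysFile} setting, asks the agent for its kickstart public keys via
 * {@link DHOperations#getDHKickstartPublicKeys}, computes the shared key per user and writes
 * one line {@code user:=<hex key>[authProto;privProto]} to standard output.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The properties file holds DH private keys and standard output carries the derived
 *       shared keys. Both are secret key material, so restrict file permissions and do not
 *       send the output to shared logs or terminals.</li>
 *   <li>The kickstart request is sent for a user configured with no authentication and no
 *       privacy protocol, so the SNMP layer does not protect the public values in transit.</li>
 *   <li>When the properties file names no protocols for a user, HMAC-MD5 and DES are used.
 *       Both are weak by current standards; set the protocol properties explicitly when the
 *       agent supports stronger ones.</li>
 * </ul>
 *
 * @return {@code 0} on success; {@code 1} if the private key file is not configured, does
 *         not exist or cannot be opened; {@code 2} if it is not readable; {@code 3} if the
 *         {@code dhx} prefix is missing or an {@link IOException} occurs
 */
private int usmDHKickstartRun() {
    // The kickstart exchange runs under a dedicated security name without auth/priv.
    OctetString dhKickstart = new OctetString(DHOperations.DH_KICKSTART_SEC_NAME);
    target.setSecurityName(dhKickstart);
    snmp.getUSM().addUser(dhKickstart, new UsmUser(dhKickstart,
            SnmpConstants.usmNoAuthProtocol, null,
            SnmpConstants.usmNoPrivProtocol, null));
    // NOTE(review): 'dhp' is not checked for null before parsing; confirm the argument parser enforces it.
    String dhParametersValArg = (String) ArgumentParser.getValue(settings, "dhp", 0);
    OctetString dhParametersVal = OctetString.fromHexString(dhParametersValArg);
    List<Object> userNames = settings.get("user");
    // No "user" setting, or an empty one, means "process every user found in the file".
    boolean noUserFilter = (userNames == null) || userNames.isEmpty();
    String privateKeysFilename = (String) ArgumentParser.getValue(settings, "privateKeysFile", 0);
    if (privateKeysFilename == null) {
        // new File((String) null) would throw a NullPointerException; report it like a missing file instead.
        System.err.println("Mandatory parameter 'privateKeysFile' is not set for DH kickstart run");
        return 1;
    }
    File privateKeysFile = new File(privateKeysFilename);
    if (!privateKeysFile.exists()) {
        System.err.println("Private key file '"+privateKeysFile+"' does not exist");
        return 1;
    }
    else if (!privateKeysFile.canRead()) {
        System.err.println("Private key file '"+privateKeysFile+"' cannot be read");
        return 2;
    }
    String dhPropertiesPrefix = (String) ArgumentParser.getValue(settings, "dhx", 0);
    if (dhPropertiesPrefix == null) {
        System.err.println("Mandatory parameter 'dhx' with DH properties prefix is not set for DH kickstart run");
        return 3;
    }
    Properties privateKeysProps = new Properties();
    // Maps local public key -> { private key, user name, auth protocol OID or null, priv protocol OID or null }.
    Map<OctetString, OctetString[]> privateKeyMap = new HashMap<>();
    try {
        DHParameters dhParameters = DHParameters.getDHParametersFromBER(dhParametersVal);
        // Close the key file as soon as it has been parsed, so the handle on the
        // private key material is not held for the duration of the SNMP exchange.
        try (FileInputStream privateKeysIS = new FileInputStream(privateKeysFile)) {
            privateKeysProps.load(privateKeysIS);
        }
        String privateKeyPrefix = dhPropertiesPrefix + DHOperations.DH_PRIVATE_KEY_PROPERTY;
        for (String key : privateKeysProps.stringPropertyNames()) {
            if (!key.startsWith(privateKeyPrefix)) {
                continue;
            }
            String userName = key.substring(privateKeyPrefix.length());
            if (userName.isEmpty() || !(noUserFilter || userNames.contains(userName))) {
                continue;
            }
            String publicKeyHexString = privateKeysProps.getProperty(dhPropertiesPrefix+
                    DHOperations.DH_PUBLIC_KEY_PROPERTY +userName);
            if (publicKeyHexString == null) {
                // A private key without its public counterpart cannot be matched to an agent entry.
                System.err.println("No public key found for user '"+userName+"' in '"+
                        privateKeysFile+"', user skipped");
                continue;
            }
            OctetString privateKeyOctets = OctetString.fromString(privateKeysProps.getProperty(key), 16);
            OctetString publicKeyOctets = OctetString.fromString(publicKeyHexString, 16);
            String authProto = privateKeysProps.getProperty(dhPropertiesPrefix+
                    DHOperations.DH_AUTH_PROTOCOL_PROPERTY +userName);
            String privProto = privateKeysProps.getProperty(dhPropertiesPrefix+
                    DHOperations.DH_AUTHPRIV_PROTOCOL_PROPERTY +userName);
            privateKeyMap.put(publicKeyOctets,
                    new OctetString[] { privateKeyOctets, new OctetString(userName),
                            (authProto == null) ? null : new OctetString(authProto),
                            (privProto == null) ? null : new OctetString(privProto) });
        }
        Map<OctetString, OctetString[]> publicKeysMap =
                DHOperations.getDHKickstartPublicKeys(snmp, pduFactory, target, privateKeyMap.keySet());
        for (Entry<OctetString, OctetString[]> publicKeyEntry : publicKeysMap.entrySet()) {
            OctetString[] privateKeyInfo = privateKeyMap.get(publicKeyEntry.getKey());
            if (privateKeyInfo == null) {
                continue;
            }
            // First element of the returned value is used as the agent's public key.
            OctetString agentPublicKey = publicKeyEntry.getValue()[0];
            KeyPair keyPair = DHOperations.createKeyPair(publicKeyEntry.getKey(), privateKeyInfo[0], dhParameters);
            KeyAgreement keyAgreement = DHOperations.getInitializedKeyAgreement(keyPair);
            byte[] sharedKey =
                    DHOperations.computeSharedKey(keyAgreement, agentPublicKey.getValue(),
                            dhParameters);
            // Fallback protocols are HMAC-MD5 and DES; both are weak, prefer explicit settings in the file.
            OID authProto = (privateKeyInfo[2] != null)
                    ? new OID(privateKeyInfo[2].toString())
                    : new OID(SnmpConstants.usmHMACMD5AuthProtocol);
            OID privProto = (privateKeyInfo[3] != null)
                    ? new OID(privateKeyInfo[3].toString())
                    : new OID(SnmpConstants.usmDESPrivProtocol);
            // This line contains the derived secret key: treat stdout as sensitive.
            System.out.println(privateKeyInfo[1]+":="+new OctetString(sharedKey).toString(16)+"["+
                    authProto+";"+privProto+"]");
        }
        return 0;
    } catch (FileNotFoundException e) {
        e.printStackTrace();
        // should not happen
        return 1;
    } catch (IOException e) {
        e.printStackTrace();
        return 3;
    }
}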

...